Splunk Enterprise Security

Which configs go on the indexer and which go on the search head for the Splunk App for Enterprise Security in a distributed search environment?


For the Splunk App for Enterprise Security, Is there any documentation that will tell me which config files should go on the indexer and which should go on the search head in a distributed environment?

0 Karma


Why, yes there is an Install Manual.


Read it through entirely before attempting an Install. ES is a tricky beast at times, and if you are new to ES or Splunk, you may want to contact Splunk PS.

Get Updates on the Splunk Community!

What’s new on Splunk Lantern in August

This month’s Splunk Lantern update gives you the low-down on all of the articles we’ve published over the past ...

Welcome to the Future of Data Search & Exploration

You have more data coming at you than ever before. Over the next five years, the total amount of digital data ...

This Week's Community Digest - Splunk Community Happenings [8.3.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...